NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

A. The collector agent must search security event logs.

B. The NetSession Enum function is used to track user logouts.

C. The collector agent uses a Windows API to query DCs for user logins.

D. NetAPI polling can increase bandwidth usage in large networks.

正解：B 解答を投票する

出題：2

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Full Content inspection

B. Proxy-based inspection

C. Flow-based inspection

D. Certificate inspection

正解：C 解答を投票する

出題：3

An administrator is running the following sniffer command:

Which three pieces of Information will be Included in me sniffer output? {Choose three.)

A. Packet payload

B. Ethernet header

C. IP header

D. Interface name

E. Application header

正解：A,C,D 解答を投票する

出題：4

Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

A. The session is a bidirectional UDP connection.

B. The session is in TCP ESTABLISHED state.

C. The session is a UDP unidirectional state.

D. The session is a bidirectional TCP connection.

正解：A 解答を投票する

出題：5

Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A. The IPS engine was blocking all traffic.

B. The IPS engine was unable to prevent an intrusion attack.

C. The IPS engine will continue to run in a normal state.

D. The IPS engine was inspecting high volume of traffic.

正解：D 解答を投票する

出題：6

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)

A. Antivirus scanning

B. File filter

C. DNS filter

D. Intrusion prevention

正解：A,D 解答を投票する

出題：7

NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

A. Application control

B. Antivirus

C. Web proxy

D. Web filtering

正解：B 解答を投票する

出題：8

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

A. On Remote-FortiGate, set Seconds to 43200.

B. On HQ-FortiGate, enable Diffie-Hellman Group 2.

C. On HQ-FortiGate, enable Auto-negotiate.

D. On HQ-FortiGate, set Encryption to AES256.

正解：D 解答を投票する

出題：9

Refer to the exhibit, which contains a static route configuration.

An administrator created a static route for Amazon Web Services.
What CLI command must the administrator use to view the route?

A. get router info routing-table database

B. diagnose firewall proute list

C. get router info routing-table all

D. get internet service route list

正解：B 解答を投票する

出題：10

Refer to the exhibit.

The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?

A. port3

B. port1

C. port2

D. port4

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」